Oversight Theater and Secret Law

It’s always hard to predict the effects of new legislation: Congress can call it a “job creation” bill, but at the end of the day, they’ve got to hope the world cooperates with their good intentions. But for the democratic process to function, legislators at least need to feel reasonably confident that they understand the immediate legal effects of the bills they’re voting for. Given the complexity of the American legal system, that’s often trickier than it sounds, but nowhere is the problem quite as pronounced as in the shadowy world of intelligence, where the legal memoranda and court opinions establishing how the law is to be construed are themselves routinely classified. Legislators who sit on a few supervisory committees may be cleared to access or empowered to subpoena the necessary documents, but in practice that information is only meaningful to the handful of cleared committee lawyers with the time and expertise to untangle the implications of those interrelated opinions and rulings. That’s in sharp contrast to the vast number of expert eyeballs, both within and outside the government, directed toward issues like health care reform or financial regulation.

The result, by analogy to Bruce Schneier’s idea of “security theater,” is a kind of “oversight theater.” We have what appear to be an array of monitoring mechanisms in place to check intelligence surveillance, but the watchdogs will in practice often lack a full picture of what they’re supposed to be overseeing. During the Bush administration, a handful of legislators were briefed on the National Security’s Agency’s program of warrantless wiretapping, but one of those few, Rep. Jane Harman (D-CA), has since asserted that she didn’t understand the program was being conducted beyond the limits of FISA, because she was forbidden from consulting attorneys with expertise in that obscure and complex statute. Only after the New York Times broke the warrantless wiretapping story in late 2005 did Harman feel at liberty to discuss the details that had been published with an expert on national security law, who confirmed that the program as it had been described could not possibly comply with FISA. Others, such as Sen. Jay Rockefeller (D-WV), similarly complained that the briefings legislators had received on the program were too thin to be of much use. During the debate over reauthorization of parts of the Patriot Act , Rep. Mike Quigley (D-IL) expressed his own frustration about the difficulty of determining what kind of reform might be necessary. “I am not even sure at some point what I can share with my staff to discuss, what I can share with anyone on this floor, or what questions I can ask without violating some of those [secrecy] issues,” Quigley complained during a November mark-up session. If legislators don’t understand what they’re looking at, formal access to classified information is about as meaningful as the ability to be briefed in Japanese.

In a recent post at Cato’s blog, I mentioned a rather striking illustration of this problem that I only recently discovered myself. The USA PATRIOT Reauthorization and Improvement Act of 2005 (actually passed in 2006) made a number of changes to Patriot surveillance powers, among them a provision requiring special high-level authorization before certain categories of sensitive records could be obtained under FISA’s “business records” provision, usually referred to as Section 215. The very slight contemporary discussion of this change seems to have universally taken for granted that this was an added limitation on intelligence powers. The legal analysis provided by the nonpartisan Congressional Research Service characterized these as “enhanced procedural protections”:

Section 106(a)(2) of the Act adds 50 U.S.C. 1861(a)(3), requiring that an application for a 215 order for the production of certain sensitive categories of records, such as library, bookstore, firearm sales, tax return, educational, and medical records, must be personally approved by one of the following three high-level officials: the FBI Director, the FBI Deputy Director, or the Executive Assistant Director for National Security. This provision was included as an attempt to allay concerns over federal authorities abusing section 215 authority to obtain sensitive types of records

In fact, the effect of this change was to enable access to many of these records for the first time. Unlike many other provisions of federal surveillance law, §215 doesn’t contain language establishing that its procedures apply “notwithstanding any other law.” But many types of sensitive records are, in fact, protected by an array of other federal laws providing enhanced privacy safeguards. For example, The Family Educational Rights and Privacy Act, commonly known as the Buckley Amendment, protects many educational records. And according to a report by the Office of the Inspector General, Justice Department attorneys had concluded that those other statutes also limited the use of §215 orders. It was only after the passage of the reauthorization bill, which made explicit reference to various protected types of records, that they determined that the §215 protocol overrode the higher standards established by other federal laws:

According to [National Security Law Branch] and [Office of Intelligence Policy and Review] attorneys, this legal impediment to obtaining educational records has been addressed. Section 106(a)(2) of the Reauthorization Act amended FISA by adding 50 U.S.C. §1861(a)(3), which specifically addresses educational, medical, tax and other sensitive categories of business records. The amendment provided that when the FBI is requesting such items, the request must be personally approved by the FBI Director, the FBI Deputy Director, or the Executive Assistant Director for National Security. According to several NSLB and OPPR attorneys we interviewed, because this provision clarifies that educational records are obtainable through the use of a Section 215 order, the non-disclosure provisions of Section 215 apply rather than the notification provisions of the Buckley Amendment.

Leave aside, for the moment, the question of what the standard for access to these records ought to be. What should be striking is that the people who voted on the language in the reauthorization bill seem to have believed it would create a stricter standard for access to the covered records, not a weaker one. It should be mentioned that this provision was one of the few “safeguards” to be included in the Republican version of the reauthorization statute produced in conference committee, and it’s possible that some of those responsible for its inclusion understood what its true effect would be. But it appears that even Sen. Patrick Leahy (D-VT), who now chairs the Senate Judiciary Committee and is surely one of the most knowledgeable and attentive legislators on surveillance policy, was unaware of how DOJ had construed the law:

While I believe that the conference report is an improvement over current law, the provisions related to section 215, national security letters, and roving wiretaps have still given me pause. First, under section 215, also called the business records provision, current law allows the Justice Department to obtain medical records, business records, library records, or other tangible items of individuals by merely showing that the items are relevant to a terrorism investigation.

Crucially, I can’t find any indication that any of the various civil liberties groups who were following the reauthorization process understood this either. That’s important because in most policy areas, outside lobbying groups—in addition to pushing for their preferred outcomes—effectively subsidize the legislative process by providing what amount to free legal analysis and consulting services. In the intelligence arena, however, there’s a stark information asymmetry: The intelligence officials and DOJ attorneys who brief members of Congress have access to an enormous amount of information that is unavailable to groups like the American Civil Liberties Union or the Electronic Frontier Foundation. Legislators and their overburdened staffs have access to the relevant information in theory, but there’s a firewall between them and the outside groups to whom legislative analysis functions are often effectively outsourced.

The problem in its general form is hardly new—EFF attorney Kevin Bankston has analyzed a variety of other surveillance contexts in which a similar “secret law” problem exists. But it’s harder to think of a more pointed illustration of the problem of “oversight theater” than this. The overseers—or at least some of them—understood themselves to be carrying out their watchdog function by tightening the safeguards on sensitive records, but unwittingly achieved the opposite result by implying that the existing safeguards had been superseded. It’s a good case to bear in mind when surveillance hawks argue that vigorous legislative oversight is any kind of functional substitute for the traditional judicial scrutiny we’ve been diluting away.